Install Plugin (Recommended)


Recommended for Technical Users

This method requires use of a Command Line Interface and knowledge of your codebase. If you're not a developer yourself, we recommend getting a developer to help you—or you can try our Quick Import method.

The preferred way to integrate FOSSA is to analyze code locally with our Dependency Analysis CLI, the open-source build client fossa-cli, and then upload the results.

This method requires some upfront configuration but is the most performant, accurate, and secure method of integration.

Pick this method if:

  • You don’t want to give FOSSA servers access to your code (due to IT, policy or logistical reasons)
  • You need accurate and performant build results
  • You already have a configured build environment in a CI or local dev machine
  • You are willing to import and configure projects one at a time

Get started by installing the client with this one-liner terminal command (Windows, Mac, Linux) or download directly from our Releases page:

curl -H 'Cache-Control: no-cache' | bash
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString(''))"

Then, follow our documentation on GitHub or view our Supported Languages for in-depth configuration advice.

After configuration, you should be able to just run fossa and get a link to a report in the output:


   View FOSSA Report:{YOUR_LINK}


This import method takes advantage of existing build environments. Therefore, it works great for one-off scans or complex codebases that require pre-configured CIs for high-performance builds.

What’s Getting Uploaded?

Using FOSSA’s plugin is secure: it does not grant FOSSA any code access and will only send back public dependency signatures to In fact, you can directly preview what is getting uploaded by running fossa -o and even inspect our code openly on GitHub to understand the exact behavior.

For example, the results for your project may be:

    {
      "Name": "fossa-cli",
      "Type": "golang",
      "Manifest": "",
      "Build": {
        "Dependencies": [
          {
            "locator": "$d5c53b8d0552a7bf6b36457cd458d27c80e0210b",
            "data": {
              "name": "",
              "version": "d5c53b8d0552a7bf6b36457cd458d27c80e0210b"
            }
          }
        ]
      }
    }

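Added example (not FOSSA's code): a Python check you can run over the JSON saved from fossa -o before uploading, listing anything beyond dependency metadata. The allowed field names are an assumption taken from the excerpt above, not FOSSA's full schema, and the 200-character threshold is arbitrary, so treat each finding as an item to review by hand.

```python
import json

# Keys seen in the excerpt on this page; an assumption, not FOSSA's full schema.
MODULE_KEYS = {"Name", "Type", "Manifest", "Build"}
BUILD_KEYS = {"Dependencies"}
DEP_KEYS = {"locator", "data"}
DATA_KEYS = {"name", "version"}
MAX_VALUE_LEN = 200  # hypothetical threshold: longer strings may be file content


def _check(obj, allowed, path, findings):
    """Record keys outside `allowed` and string values that look like content."""
    for key, value in obj.items():
        where = f"{path}.{key}"
        if key not in allowed:
            findings.append(f"unexpected field {where}")
        if isinstance(value, str) and ("\n" in value or len(value) > MAX_VALUE_LEN):
            findings.append(f"content-like value at {where}")


def audit_payload(text):
    """Return a list of items to review by hand before uploading."""
    doc = json.loads(text)
    modules = doc if isinstance(doc, list) else [doc]
    findings = []
    for i, module in enumerate(modules):
        _check(module, MODULE_KEYS, f"[{i}]", findings)
        build = module.get("Build") or {}
        _check(build, BUILD_KEYS, f"[{i}].Build", findings)
        for j, dep in enumerate(build.get("Dependencies") or []):
            base = f"[{i}].Build.Dependencies[{j}]"
            _check(dep, DEP_KEYS, base, findings)
            _check(dep.get("data") or {}, DATA_KEYS, base + ".data", findings)
    return findings


# Constructed samples: CLEAN mirrors the excerpt above, LEAKY adds a made-up field.
CLEAN = """[{"Name": "fossa-cli", "Type": "golang", "Manifest": "",
  "Build": {"Dependencies": [{"locator": "$d5c53b8d0552a7bf6b36457cd458d27c80e0210b",
    "data": {"name": "", "version": "d5c53b8d0552a7bf6b36457cd458d27c80e0210b"}}]}}]"""
LEAKY = """[{"Name": "demo", "Type": "golang", "Manifest": "",
  "Build": {"Dependencies": [{"locator": "example", "data": {"name": "x",
    "version": "1", "source": "package main\\nfunc main() {}"}}]}}]"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("leaky", LEAKY)):
        print(label, audit_payload(sample) or "nothing to review")
```
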
What’s Next